The tricky issue of spyware with a badge: meet ‘policeware’

Spyware is hated for a reason, but how does the issue of detecting and …

It's well known that organizations with nefarious and often criminal goals support and distribute malware and spyware that allows them to snoop on and/or manipulate people's computers. However, what is less well-known is that some of the people behind spyware are ostensibly the "good guys"—law enforcement officers who install the software on suspects' computers to assist them with their investigations.

The existence of "policeware" is not well-known, but the US government has used this sort of software before. In 2001, federal agents obtained permission from a judge to enter a suspect's home and install keylogging software on his computer. The rationale for this unusual mode of investigation was to get around encryption software such as PGP and the web e-mail service, Hushmail, that the suspect was using. More recently, FBI agents used a virus to bust a bomb threat hoaxer.

So, given the fact that federal investigators and possibly other law enforcement personnel are using spyware to monitor suspect's computers, what happens when said suspects run antispyware programs?

A fascinating CNET survey of top antispyware vendors found that of 13 software companies, all of them stated that it is currently their policy to detect police spyware. When asked if they had ever received a court order to stop detecting police spyware, nine of the companies denied having received such a request. Computer Associates said they were not sure, and both Microsoft and McAfee declined to comment on the question.

Sounds good, right? Notably, a few companies admitted that they would whitelist policeware if it were requested, including the maker of ZoneAlarm, a popular firewall app. More interesting, CNET said that when asked flat-out if they would whitelist for the police when asked, the question was sometimes ignored.

The issue of checking for police spyware has come up before. After the Hushmail incident, an article was released about the FBI developing a new form of spyware delivered as a virus called Magic Lantern that could be installed on users' computers without a agent having to be physically present at the computer. According to an Associated Press article from 2001, McAfee Corporation contacted the FBI after the Magic Lantern story broke to "ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal subject." McAfee later denied that such contact had taken place.

The issue of whether or not the government should be allowed to electronically snoop in this way is a contentious one. Many people would agree that if a search warrant has been previously obtained for a suspect's house as part of a criminal investigation, the installation of snooping software would be an acceptable extension of that search.

However, the recent NSA wiretapping scandal shows that the federal government is not always going to bother obtaining search warrants in the first place, and considers casting a wide net of surveillance to be an acceptable method of counter-terrorism, despite the fact that it is of dubious value as such. As for court orders to anti-spyware companies to not detect policeware, no such orders have been confirmed and Kevin Bankston, an attorney with the Electronic Frontier Foundation, told CNET that "the government would be pushing the boundaries of the law if it attempted to obtain such an order." However, this too could be circumvented by using the Wiretap Act.

If such an order is given to stop detecting federal government snoopware, savvy criminals could simply turn to open-source software such as ClamAV and OpenAntiVirus.org that can be audited to see that there are no backdoors or workarounds installed at the request of the government.